CN105933198A - Device for establishing direct connection VPN tunnel - Google Patents
Device for establishing direct connection VPN tunnel Download PDFInfo
- Publication number
- CN105933198A CN105933198A CN201610251272.8A CN201610251272A CN105933198A CN 105933198 A CN105933198 A CN 105933198A CN 201610251272 A CN201610251272 A CN 201610251272A CN 105933198 A CN105933198 A CN 105933198A
- Authority
- CN
- China
- Prior art keywords
- client
- address
- monitoring device
- vpn tunneling
- vpn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2592—Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a device for establishing a direct connection VPN tunnel. The device comprises a VPN relay service module, a NAT tunneling service module and a configuration module. The VPN relay service module is used for establishing a VPN tunnel with a client side and monitoring equipment respectively. The NAT tunneling service module acquires the public network mapping IP address and the port number of the client side and the monitoring equipment. The client side and the monitoring equipment establish UDP connection through tunneling according to the received opposite-end public network mapping IP address and the port number. The client side and the monitoring equipment establish UDP connection and then the configuration module distributes the monitoring equipment as a VPN tunnel server and distributes the client side as a VPN tunnel client side and issues configuration information to the client side and the monitoring equipment so that the client side and the monitoring equipment are enabled to establish the direct connection VPN tunnel through UDP connection, and the client side directly accesses the monitoring equipment to acquire monitoring videos on the monitoring equipment through the VPN tunnel.
Description
Technical field
The invention belongs to field of data communication, particularly relate to a kind of device setting up direct-connected vpn tunneling.
Background technology
The network environment that video monitoring system is applied at public network is complicated, and client and video monitoring equipment lead to
It is frequently located in different private networks, needs on NAT device, the different business data of video monitoring to be entered
Row public network IP address and private network IP address map, and client just can be made to access and receive NVR/IPC
Monitor video, whole video monitoring system realize complexity, configure loaded down with trivial details;And work as NAT device
When change occurs in the public network IP address of upper use, need to reconfigure, use inconvenience.Additionally some
Within equipment is located across the private network of multi-layer NAT conversion, it is impossible to the private directly these equipment used
Net IP address is mapped to public network IP address.
In order to tackle various NAT networking application environment, client and video monitoring equipment divide
It is not connected to be positioned at the video monitoring server of public network, client and video monitoring equipment by VPN
Carry out data forwarding by video monitoring server at public network to communicate, but this mode needs in a large number
Take the communication between the bandwidth of video server and disposal ability, and client and video server
Carry out forwarding by video server and can bring extra data packetloss and time delay.
In order to solve the problems referred to above, the application for a patent for invention of Publication No. CN104506802A, open
Increase Client Agent module at client-side and increase monitoring device generation in video monitoring equipment side
Reason module, Client Agent module and monitoring device proxy module are under the assistance of video monitoring server
, set up UDP channel, client and video monitoring equipment by respective generation by vpn tunneling technology
Reason module directly communicates through this UDP channel, thus solves client and video monitoring equipment
Between communication to carry out forwarding the problem brought through video server.But client in the program
With the communication between video monitoring equipment will be processed by respective proxy module and forward, deposit
The problems such as resource is many, and efficiency of transmission is the highest, and signaling negotiation and Service control are complicated are consumed at proxy module.
Summary of the invention
It is an object of the invention to provide a kind of device setting up direct-connected vpn tunneling, at management server
Assistance under, client and video monitoring equipment are directly set up vpn tunneling and are communicated, with solve
In prior art, client needs by Client Agent and monitoring device with communicating of video monitoring equipment
Agency process and forward, proxy module consume resource many, efficiency of transmission is the highest, signaling negotiation and
The problem that Service control is complicated.
To achieve these goals, technical solution of the present invention is as follows:
A kind of device setting up direct-connected vpn tunneling, the management service being applied in video monitoring system
Device, described video monitoring system includes client and monitoring device, the Yi Jiwei being positioned at different private network
In the management server of public network, the described device setting up direct-connected vpn tunneling, including:
VPN relay service modules, for setting up vpn tunneling respectively with client and monitoring device;
NAT burrows service module, maps IP address, port numbers for obtaining the public network of client,
And the public network of monitoring device maps IP address, port numbers, the public network of client is mapped IP address
It is sent to monitoring device with port numbers, the public network of monitoring device is mapped IP address and port numbers sends
To client, so that client and monitoring device utilize the IP address and port number information each received
Carry out burrowing cross-over NAT equipment, sets up and keeps the UDP between client and monitoring device to connect
;
Configuration module, is used for distributing monitoring device and client is respectively vpn tunneling role server
With vpn tunneling client role, issue configuration information to client and monitoring device so that client
End and monitoring device are by the direct-connected vpn tunneling of UDP connection establishment.
Further, described configuration module assignment monitoring device and client are respectively vpn tunneling clothes
Business device role and vpn tunneling client role, issues configuration information to client and monitoring device,
When making client and monitoring device by the direct-connected vpn tunneling of UDP connection establishment, perform following behaviour
Make:
Distribution monitoring device is vpn tunneling server, issues the virtual of vpn tunneling server use
The Microsoft Loopback Adapter address that NIC address and vpn tunneling client use, to monitoring device, issues and carries out
The username and password of authentication is to monitoring device, in order to monitoring device completes vpn tunneling server
Configuration, then starts on the private network IP address and private network port numbers of monitoring device and intercepts process, detect
Listen the vpn tunneling connection request of vpn tunneling client, listen to vpn tunneling connection request
After carry out subscription authentication and response, in monitoring device generate PPP Microsoft Loopback Adapter interface, and will distribution
It is handed down to client to the Microsoft Loopback Adapter address of vpn tunneling client;
Distribution client is vpn tunneling client, the IP of notice client VPN tunnel server
Address and public network that port numbers is monitoring device map IP address and port numbers, and issue and authenticate
Username and password to client, in order to client sends to monitoring device and sets up vpn tunneling even
Connect request, receive the Microsoft Loopback Adapter address of the vpn tunneling client use that monitoring device issues,
PPP Microsoft Loopback Adapter interface is generated in client.
Further, described configuration module is additionally operable to:
Notice client and monitoring device generate address for the purpose of the Microsoft Loopback Adapter address of the other side respectively
Host routes.
Wherein, the purpose IP address of the Host routes of described client is for distributing to vpn tunneling service
The Microsoft Loopback Adapter address of device, outgoing interface is the PPP Microsoft Loopback Adapter interface in client, and described monitoring sets
The purpose IP address of standby Host routes is the Microsoft Loopback Adapter address distributing to vpn tunneling client,
Outgoing interface is the PPP Microsoft Loopback Adapter interface in monitoring device.
The invention allows for a kind of device setting up direct-connected vpn tunneling, be applied to video monitoring system
Client in system, described video monitoring system includes that the client being positioned at different private network and monitoring set
Standby, and it is positioned at the management server of public network, the described device setting up direct-connected vpn tunneling, including
:
Client relaying VPN module, disappears for setting up vpn tunneling request to management server transmission
Breath, sets up vpn tunneling with management server;
Client burrows module, maps IP for receiving the public network of the monitoring device that management server issues
By the cross-over NAT equipment that burrows between address and port numbers, and monitoring device, set up and monitoring device
Between UDP connect;
Client direct-connected VPN module, for receiving the configuration information that management server issues, with prison
Control equipment passes through the vpn tunneling that UDP connection establishment is direct-connected.
Further, described client direct-connected VPN module is receiving the configuration that management server issues
Information, during with monitoring device by UDP connection establishment direct-connected vpn tunneling, performs following operation
:
Distribution according to management server is arranged from as vpn tunneling client, receives management service
IP address and the public network that port numbers is monitoring device of the vpn tunneling server that device issues map IP
Address and port numbers, and carry out the username and password authenticated, send to monitoring device and set up VPN
Tunnel connection request;
Receive the Microsoft Loopback Adapter address of the vpn tunneling client use that monitoring device issues, generate PPP
Microsoft Loopback Adapter interface.
Further, described client direct-connected VPN module is additionally operable to:
Receive the notice of management server, generate address for the purpose of the Microsoft Loopback Adapter address of monitoring device
Host routes, the purpose IP address of described Host routes is the void distributing to vpn tunneling server
Intending NIC address, outgoing interface is the PPP Microsoft Loopback Adapter interface of self.
The invention allows for a kind of device setting up direct-connected vpn tunneling, be applied to video monitoring system
Monitoring device in system, described video monitoring system includes client and the monitoring being positioned at different private network
Equipment, and it is positioned at the management server of public network, the described device setting up direct-connected vpn tunneling, bag
Include:
Monitoring device relaying VPN module, sets up vpn tunneling request for sending to management server
Message, sets up vpn tunneling with management server;
Monitoring device burrows module, maps IP for receiving the public network of the client that management server issues
By the cross-over NAT equipment that burrows between address and port numbers, and client, set up between client
UDP connect;
Monitoring device direct-connected VPN module, for receiving the configuration information that management server issues, with
Client passes through the vpn tunneling that UDP connection establishment is direct-connected.
Further, described monitoring device direct-connected VPN module is in joining that reception management server issues
Confidence ceases, and during with client by UDP connection establishment direct-connected vpn tunneling, performs following operation
:
Distribution according to management server is arranged from as vpn tunneling server, receives management service
The Microsoft Loopback Adapter address of the vpn tunneling server use that device issues and vpn tunneling client use
Microsoft Loopback Adapter address, and carry out the username and password authenticated, self private network IP address and
Start in private network port numbers and intercept process, intercept the vpn tunneling connection request of vpn tunneling client
, after listening to vpn tunneling connection request, carry out subscription authentication and response, with certainly, generate PPP
Microsoft Loopback Adapter interface, and client is handed down in the Microsoft Loopback Adapter address distributing to vpn tunneling client
End.
Further, described monitoring device direct-connected VPN module is additionally operable to:
Receive the notice of management server, generate address for the purpose of the Microsoft Loopback Adapter address of client
Host routes, the purpose IP address of described Host routes is distribute to vpn tunneling client virtual
NIC address, outgoing interface is the PPP Microsoft Loopback Adapter interface of self.
The present invention proposes a kind of device setting up direct-connected vpn tunneling, in the assistance of management server
Under, client and monitoring device first carry out burrowing set up UDP connect, cross-over NAT equipment, then
Connected the foundation of direct-connected vpn tunneling by UDP, set up straight between client and monitoring device
After vpn tunneling even, client directly can obtain video by accessing monitoring equipment, solves existing
In technology, client is acted on behalf of by Client Agent and monitoring device with the needs that communicate of video monitoring equipment
Processing and forward, proxy module consumption resource is many, and efficiency of transmission is the highest, signaling negotiation and business
Control complicated problem.
Accompanying drawing explanation
Fig. 1 is the apparatus structure schematic diagram that the embodiment of the present invention one sets up direct-connected vpn tunneling;
Fig. 2 is the schematic network structure of embodiment of the present invention video monitoring system;
Fig. 3 is the apparatus structure schematic diagram that the embodiment of the present invention two sets up direct-connected vpn tunneling;
Fig. 4 is the apparatus structure schematic diagram that the embodiment of the present invention three sets up direct-connected vpn tunneling;
Fig. 5 is the method flow diagram that the embodiment of the present invention four sets up direct-connected vpn tunneling.
Detailed description of the invention
With embodiment, technical solution of the present invention is described in further details below in conjunction with the accompanying drawings, real below
Execute example and do not constitute limitation of the invention.
In video surveillance network, client need accessing monitoring equipment to obtain monitor video, but objective
Family end and monitoring device are frequently located in different private networks, and client and monitoring device all use private network IP
Address, therefore client cannot direct accessing monitoring equipment.The invention provides a kind of in management service
Under the assistance of device, client and monitoring device set up the device of direct-connected vpn tunneling, direct-connected VPN tunnel
After road is set up, client can directly accessing monitoring equipment, the monitor video needed for acquisition.
Embodiment one,
As it is shown in figure 1, a kind of device setting up direct-connected vpn tunneling of the present embodiment, it is applied to management
Server, including:
VPN relay service modules, for setting up vpn tunneling respectively with client and monitoring device.
In existing video surveillance network, client and monitoring device by respectively with the pipe in public network
Reason server sets up vpn tunneling to pass through the NAT device of client and monitoring device, passes through public network
In management server the monitoring video flow in monitoring device is transmitted to client.The present embodiment manages
Server is the video management server of video monitoring system.Monitoring device/client is servicing with management
When vpn tunneling set up by device, the NAT device of monitoring device/client can generate this monitoring device
Private network IP address and port numbers and public network map IP address and the mapping relations table of port numbers, and monitoring sets
Standby/client uses private network IP address and port numbers to send to management server VPN relay service modules
Setting up vpn tunneling request message, NAT device will set up monitoring device in vpn tunneling request message
The private network IP address of/client and port numbers are converted to the public network of monitoring device/client and map IP ground
It is sent to manage server VPN relay service modules behind location and port numbers, in management server VPN
The vpn tunneling of setting up of the service module response monitoring equipment/client that continues asks message, completes VPN
The foundation in tunnel.
Client/monitoring device sets up vpn tunneling with management server respectively, can be used for subsequent clients
Interacting message between end/monitoring device and management server, simultaneously between client and monitoring device
Direct-connected vpn tunneling fault time, client can use self with management server set up VPN tunnel
Road carrys out Access Management Access server, and management server is communicated by the vpn tunneling with monitoring device,
The monitor video forwarding acquisition monitoring device by management server.
NAT burrows service module, maps IP address, port numbers for obtaining the public network of client,
And the public network of monitoring device maps IP address, port numbers, the public network of client is mapped IP address
It is sent to monitoring device with port numbers, the public network of monitoring device is mapped IP address and port numbers sends
To client, in order to client and monitoring device utilize the IP address and port number information each received
Carry out burrowing cross-over NAT equipment, sets up and keeps the UDP between client and monitoring device to connect.
Agreement STUN (Simple Traversal of is passed through by NAT between client and monitoring device
UDP Through NAT) burrow cross-over NAT equipment, and set up UDP between the two and connect.
Assuming that client is STUN ClientA, the NAT of client-side is NA, and monitoring device is
STUN ClientB, the NAT of monitoring device side are NB, and management server is STUN Server,
Client burrows with monitoring device, and to set up the process that UDP is connected as follows for cross-over NAT equipment:
(1) STUN ClientA is disappeared to STUN Server transmission UDP request STUN by NA
The translated addresses of self is inquired and registered to breath;
(2) STUN Server receives request message, produces response message, and carrying in response message please
Seek the source port of message, i.e. the outside port that STUN ClientA is corresponding on NA, it is then responding to
Message is sent to STUN ClientA by NA;
(3) STUN ClientB is disappeared to STUN Server transmission UDP request STUN by NB
The translated addresses of self is inquired and registered to breath;
(4) STUN Server receives request message, produces response message, and carrying in response message please
Seek the source port of message, i.e. the outside port that STUN ClientB is corresponding on NB, it is then responding to
Message is sent to STUN ClientB by NB;
(5) its external address corresponding on NA and port information are included in by STUN ClientA
In message, being sent to STUN Server request will be with STUN ClientB communication;
(6) after STUN Server receives solicited message, the registered address of inquiry STUN ClientB
, and forward a request to STUN ClientB by NB;
(7) STUN ClientB by the content in message body learn STUN ClientA outside
Address, portion and port, and its external address corresponding on NB and port information are included in response and disappear
In breath, then response message is sent to STUN ClientA, STUN ClientA and receives response letter
It is also known that the external address of STUN ClientB and port after breath, thus at STUN ClientA
And between STUN ClientB, establishing UDP connection, the communication solving the passing through NAT that burrows is built
Vertical problem.
It should be noted that arranging monitoring device is STUN ClientA, client is STUN
ClientB, is capable of the passing through NAT that burrows equally, repeats no more here.
The present embodiment management server NAT burrow service module getting client public network map
After the public network of IP address, port numbers, and monitoring device maps IP address, port numbers, pass through VPN
The public network of client is mapped the vpn tunneling that relay service modules is set up IP address and port numbers sends
To monitoring device, the public network of monitoring device is mapped IP address and port numbers is sent to client, visitor
Family end and monitoring device utilize the public network each received to map IP address and port number information burrows.
Burrow and between rear client and monitoring device, established the UDP of a cross-over NAT equipment
Connect, specifically include: on the NAT device of client, generate an internal address and port numbers is
The private network IP address of client and port numbers, outer net address and the public network that port numbers is client map
IP address and the session connection of port numbers, this session connection only accepts the public network of monitoring device and maps IP
The access of address, generates an internal address and port numbers on the NAT device of monitoring device simultaneously
It is the public affairs of monitoring device for private network IP address and the port numbers of monitoring device, outer net address and port numbers
Net maps IP address and the session connection of port numbers, and this session connection only accepts the public network of client and reflects
Penetrate the access of IP address.
Client maps IP address and port numbers by the public network of monitoring device and disappears to monitoring device transmission
Breath, source IP address in message and private network IP address that port numbers is client and port numbers, client
Source IP address in message and port numbers are converted to the public network of client and map IP by the NAT device of end
Being sent to the NAT device of monitoring device behind address and port numbers, the NAT device of monitoring device receives
After message by the purpose IP address in message and port numbers by the public network of monitoring device map IP address and
Port numbers is sent to monitoring device after being converted to the private network IP address of monitoring device and port numbers.Monitoring
Equipment maps IP address by the public network of client and port numbers sends message to client, in message
Source IP address and private network IP address that port numbers is monitoring device and port numbers, monitoring device
Source IP address in message and port numbers are converted to the public network of monitoring device and map IP ground by NAT device
Being sent to the NAT device of monitoring device behind location and port numbers, the NAT device of monitoring device receives and disappears
After breath, the purpose IP address in message and port numbers are mapped IP address and port by the public network of client
It is sent to client after number being converted to the private network IP address of client and port numbers.In this way
Client and monitoring device just can utilize the UDP set up that burrows to connect and directly send mutually message.
It should be noted that due to the session connection on the NAT device of client and monitoring device all
Expired time, client and monitoring device is had to build by burrowing by sending periodic keep-alive message
Vertical UPD connection carries out keep-alive.
Configuration module, is used for distributing monitoring device and client is respectively vpn tunneling role server
With vpn tunneling client role, issue configuration information to client and monitoring device so that client
End and monitoring device are by the direct-connected vpn tunneling of UDP connection establishment.
Client and monitoring device are burrowing successfully, after setting up UDP connection, will burrow and successfully disappear
Breath is sent to manage server.After management server configures module receives the successful message that burrows, distribution
Monitoring device is vpn tunneling server, issues the Microsoft Loopback Adapter address that vpn tunneling server uses
With vpn tunneling client use Microsoft Loopback Adapter address to monitoring device, issue and carry out authentication user
Name and password complete to monitoring device, the message that monitoring device issues according to management server configures module
The configuration of vpn tunneling server, then on the private network IP address and private network port numbers of monitoring device
Start and intercept process, intercept the vpn tunneling connection request of vpn tunneling client.Listening to
Carry out subscription authentication and response after vpn tunneling connection request, in monitoring device, generate PPP subsequently
Microsoft Loopback Adapter interface, this Microsoft Loopback Adapter interface is that the vpn tunneling server that management server issues makes
Microsoft Loopback Adapter address.
Management server configures module assignment client is vpn tunneling client, notifies client
The IP address of vpn tunneling server and the public network that port numbers is monitoring device map IP address and public network
Port numbers, and issue the username and password carrying out authenticating and send out to monitoring device to client, client
Sending and set up vpn tunneling connection request, monitoring device listens to after this sets up vpn tunneling connection request
Carry out subscription authentication and response, and server configures module assignment will be managed to vpn tunneling client
Microsoft Loopback Adapter address be handed down to client, client receives the vpn tunneling visitor that monitoring device issues
The Microsoft Loopback Adapter address that family end uses, generates PPP Microsoft Loopback Adapter interface on the client, completes VPN
The foundation in tunnel.
After vpn tunneling between client and monitoring device is set up, in client and monitoring device
A new PPP Microsoft Loopback Adapter interface, the PPP Microsoft Loopback Adapter interface in monitoring device will be generated
IP address be management server-assignment to the Microsoft Loopback Adapter address of vpn tunneling server, client
On the IP address of PPP Microsoft Loopback Adapter interface be that management server-assignment is to vpn tunneling client
Microsoft Loopback Adapter address.
Then management server configures module notice client and monitoring device generate respectively with the other side's
The Host routes of address for the purpose of Microsoft Loopback Adapter address, or issue a Host routes respectively to client
And monitoring device.Wherein the purpose IP address of the Host routes of client is given for management server-assignment
The Microsoft Loopback Adapter address of vpn tunneling server, outgoing interface is that in client, newly-established PPP is virtual
Network card interface, the purpose IP address of the Host routes of monitoring device is for managing server-assignment to VPN
The Microsoft Loopback Adapter address of tunnel client end, outgoing interface is newly-established PPP Microsoft Loopback Adapter in monitoring device
Interface.
It should be noted that the present embodiment distribution monitoring device is vpn tunneling server, distribution visitor
Family end is vpn tunneling client, client initiate to set up vpn tunneling connection request.Similarly
, it is also possible to distribution client is vpn tunneling server, and distribution monitoring device is vpn tunneling client
End, is initiated to set up vpn tunneling connection request by monitoring device.The invention is not restricted to concrete implementation
Form.
Thus client and monitoring device establish direct-connected under the assistance of management server configures module
Vpn tunneling, use management server configures module assignment to the virtual net of vpn tunneling server
Card address and management server configures module assignment are straight to the Microsoft Loopback Adapter address of vpn tunneling client
Connecing and communicate, client directly obtains monitor video from monitoring device.
It should be noted that when the direct-connected vpn tunneling of client and monitoring device foundation breaks down
Time, owing to client has all set up VPN tunnel with management server, monitoring device with management server
Road, the vpn tunneling that client can use it and management server to set up carrys out Access Management Access server,
The monitor video forwarding acquisition monitoring device by management server.
Below by citing, the present embodiment is illustrated, the not office of the vpn tunneling in the present embodiment
It is limited to use certain special agreement, can be L2TP, PPTP, IPSec or GRE, this example
L2TP is used to illustrate.As in figure 2 it is shown, the public network IP address of management server is:
202.110.110.25, management server is L2TP server, and the IP address of L2TP server is
10.10.10.1.The IP address of monitoring device is: 192.168.1.110, and the IP address of client is
192.168.2.220, the public network IP address of the NAT device of monitoring device is: 202.100.100.11,
The public network IP address of the NAT device of client is: 202.200.200.22.Monitoring device is to management clothes
Business device VPN relay service modules sends sets up L2TP Tunnel request message, VPN relay services mould
Block responds this and sets up L2TP Tunnel request, to the private network IP address of monitoring device distribution 10.10.10.2
As the IP address of L2TP client, and notifying monitoring device, the IP address of L2TP server is
10.10.10.1, monitoring device sets up, according to the response message received, the PPP0 that IP address is 10.10.10.2
Interface, and generate following routing table:
Table 1
Client is set up L2TP Tunnel request to management server VPN relay service modules transmission and is disappeared
Breath, VPN relay service modules responds this and sets up L2TP Tunnel request, distributes to client
10.10.10.3 private network IP address is as the IP address of L2TP client, and notifies client, L2TP
The IP address of server is 10.10.10.1, and client is set up IP address according to the response message received and is
10.10.10.3 PPP0 interface, and generate following routing table:
Destination address | Subnet mask | Gateway | Outlet network interface card |
10.10.10.1 | 32 | * | PPP0 |
192.168.2.0 | 24 | 192.168.2.1 | Eth1 |
10.10.0.0 | 16 | 10.10.10.1 | PPP0 |
… | … | … | … |
0.0.0.0 | 0.0.0.0 | 192.168.1.1 | Eth1 |
Table 2
When client wants accessing monitoring equipment to set up UDP connection, pass through agreement STUN by NAT, pipe
Reason server NAT burrow service module obtain monitoring device public network map IP address
202.100.100.11 and port numbers 10001, and the public network mapping IP address of client
202.200.200.22 with port numbers 10021, management server NAT burrows service module by monitoring device
Public network map IP address 202.100.100.11 and port numbers 10001 and be sent to client, manage simultaneously
The public network of client is mapped IP address 202.200.200.22 and end by the server NAT service module that burrows
Slogan 10021 is sent to monitoring device, client and monitoring device and burrows according to the information received
, the rear monitoring device that burrowed is by private net address 192.168.1.110, and port 15000 receives and dispatches message
, it is 202.100.100.11 that this address port maps outer net address at local NAT device, port 10001.
Client passes through private net address 192.168.2.200, and port 11000 receives and dispatches message, and this address port exists
It is 202.200.200.22 that local NAT device maps outer net address, port 10021.
Client and monitoring device are set up after connecting and are sent keep-alive message, it is to avoid conversational list on NAT device
Item is aging.Monitoring device and the client successful message that will burrow all reports management server, management
The server NAT service module that burrows determines that both have burrowed successfully.
Now monitoring device mails to 202.200.200.22, and the message of port 10021 will be by client-side
NAT device is transmitted to client 192.168.2.200, port 11000.Client mails to
202.100.100.11, the message of port 10001, monitored device side NAT device is transmitted to monitoring
Equipment 192.168.1.110, port 15000.
After successful message that management server configures module receives client and monitoring device burrows, notice
Monitoring device is as L2TP server, and L2TP server ip address is 10.10.10.4, L2TP visitor
End IP address, family is 10.10.10.5, the L2TP entitled XXX of authentication user, and password is YYY, and monitoring sets
After the standby information issued according to configuration module completes the relevant configuration of L2TP, at 192.168.1.110, end
Mouth 15000 starts L2TP Server intercepts, and prepares to accept L2TP client and dials in.
Then, configuration module notice client, distribute it for L2TP Client, L2TP Server address
For 202.100.100.11, port is 10001, and L2TP authentication user is XXX, and password is YYY.
After the notified message of client, to 202.100.100.11, port 10001 initiates L2TP dial-up connection
Request, authentication user is XXX, and password is YYY, and the NAT device of monitoring device side receives L2TP
After dial-up connection request message, purpose IP address and port numbers are changed by 202.100.100.11 and 10001
For being sent to monitoring device after 192.168.2.220 and 11000, monitoring device is in IP address
192.168.1.110 listen to reflect after message is asked in this L2TP dial-up connection with in port numbers 15000
Power and response.Authentication is by rear, and L2TP server notifies L2TP client, distributes to L2TP visitor
The IP address of family end be the IP address of 10.10.10.5, L2TP server be 10.10.10.4.L2TP tunnel
Road is set up and can be generated a new PPP interface that IP address is 10.10.10.4 on rear video server, connects
The numbered PPP1 of mouth, client can generate a new PPP interface that IP address is 10.10.10.5,
Interface index is PPP1.
Then configuration module issues a route to respectively client and monitoring device, wherein client
The purpose IP address of route is 10.10.10.4, and outgoing interface is PPP1, purpose IP of the route of monitoring device
Address is 10.10.10.5, and outgoing interface is PPP1.
Now, the routing table of monitoring device is as follows:
Table 3
The routing table of client is as follows:
Destination address | Subnet mask | Gateway | Outlet network interface card |
10.10.10.1 | 32 | * | PPP0 |
10.10.10.4 | 32 | * | PPP1 |
192.168.1.0 | 24 | 192.168.1.1 | Eth1 |
10.10.0.0 | 16 | 10.10.10.1 | PPP0 |
… | … | … | … |
0.0.0.0 | 0.0.0.0 | 192.168.1.1 | Eth1 |
Table 4
Monitoring device IP address 10.10.10.4, matched routings is preferentially used during client-access monitoring device
Article 2 route in client routing table, by the direct-connected L2TP Tunnel between client and monitoring device
Accessing monitoring equipment.During direct-connected L2TP Tunnel fault between client and monitoring device, then use
The IP address 10.10.10.2 of monitoring device, in matched routings client routing table, Article 4 route, passes through
Management server carries out transfer and carrys out accessing monitoring equipment.
Embodiment two,
As it is shown on figure 3, a kind of device setting up direct-connected vpn tunneling of the present embodiment, it is applied to video prison
Client in Ore-controlling Role, including:
Client relaying VPN module, disappears for setting up vpn tunneling request to management server transmission
Breath, sets up vpn tunneling with management server;
Client burrows module, maps IP for receiving the public network of the monitoring device that management server issues
By the cross-over NAT equipment that burrows between address and port numbers, and monitoring device, set up and monitoring device
Between UDP connect;
Client direct-connected VPN module, for receiving the configuration information that management server issues, with prison
Control equipment passes through the vpn tunneling that UDP connection establishment is direct-connected.
The present embodiment client direct-connected VPN module is receiving the configuration information that management server issues,
During with monitoring device by UDP connection establishment direct-connected vpn tunneling, perform following operation:
Distribution according to management server is arranged from as vpn tunneling client, receives management service
IP address and the public network that port numbers is monitoring device of the vpn tunneling server that device issues map IP
Address and port numbers, and carry out the username and password authenticated, send to monitoring device and set up VPN
Tunnel connection request;
Receive the Microsoft Loopback Adapter address of the vpn tunneling client use that monitoring device issues, generate PPP
Microsoft Loopback Adapter interface.
It should be noted that it is vpn tunneling client that the present embodiment can also distribute monitoring device,
And distributing client is vpn tunneling server, repeat no more here.
The present embodiment client direct-connected VPN module is additionally operable to:
Receive the notice of management server, generate address for the purpose of the Microsoft Loopback Adapter address of monitoring device
Host routes, the purpose IP address of described Host routes is distribute to vpn tunneling server virtual
NIC address, outgoing interface is the PPP Microsoft Loopback Adapter interface of self.
It should be noted that management server configures module notice client and monitoring device generate respectively
The Host routes of address for the purpose of the Microsoft Loopback Adapter address of the other side, or issue a Host routes respectively
To client and monitoring device, the invention is not restricted to concrete implementation mode.
Embodiment three,
As shown in Figure 4, a kind of device setting up direct-connected vpn tunneling of the present embodiment, it is applied to video
Monitoring device in monitoring system, including:
Monitoring device relaying VPN module, sets up vpn tunneling request for sending to management server
Message, sets up vpn tunneling with management server;
Monitoring device burrows module, maps IP for receiving the public network of the client that management server issues
By the cross-over NAT equipment that burrows between address and port numbers, and client, set up between client
UDP connect;
Monitoring device direct-connected VPN module, for receiving the configuration information that management server issues, with
Client passes through the vpn tunneling that UDP connection establishment is direct-connected.
The present embodiment monitoring device direct-connected VPN module is receiving the configuration information that management server issues
, during with client by UDP connection establishment direct-connected vpn tunneling, perform following operation:
Distribution according to management server is arranged from as vpn tunneling server, receives management service
The Microsoft Loopback Adapter address of the vpn tunneling server use that device issues and vpn tunneling client use
Microsoft Loopback Adapter address, and carry out the username and password authenticated, self private network IP address and
Start in private network port numbers and intercept process, intercept the vpn tunneling connection request of vpn tunneling client
, after listening to vpn tunneling connection request, carry out subscription authentication and response, with certainly, generate PPP
Microsoft Loopback Adapter interface, and client is handed down in the Microsoft Loopback Adapter address distributing to vpn tunneling client
End.
The present embodiment monitoring device direct-connected VPN module is additionally operable to:
Receive the notice of management server, generate address for the purpose of the Microsoft Loopback Adapter address of client
Host routes, the purpose IP address of described Host routes is distribute to vpn tunneling client virtual
NIC address, outgoing interface is the PPP Microsoft Loopback Adapter interface of self.
Similarly, it is vpn tunneling client that the present embodiment can also distribute monitoring device, and distributes
Client is vpn tunneling server;Management server configures module notice client and monitoring device
Generate the Host routes of address for the purpose of the Microsoft Loopback Adapter address of the other side respectively, or issue one respectively
Host routes, to client and monitoring device, the invention is not restricted to concrete implementation mode.
Embodiment four,
As it is shown in figure 5, present embodiment describes the method setting up direct-connected vpn tunneling, including:
Step S1, management server set up vpn tunneling respectively with client and monitoring device.
The present embodiment management server is the video management server of video monitoring system, monitoring device/
Client is when setting up vpn tunneling with management server, on the NAT device of monitoring device/client
Can generate the private network IP address of this monitoring device and port numbers and public network maps IP address and port numbers
Mapping relations table, monitoring device/client uses private network IP address and port numbers to send out to management server
Send and set up vpn tunneling request message, NAT device will set up vpn tunneling ask monitoring device in message/
The private network IP address of client and port numbers are converted to the public network of monitoring device/client and map IP ground
It is sent to manage server, building of management server response monitoring equipment/client behind location and port numbers
Vertical vpn tunneling request message, completes the foundation of vpn tunneling.
Client/monitoring device sets up vpn tunneling with management server respectively, can be used for sending follow-up
Interaction message between client/monitoring device and management server in step, simultaneously client with
During direct-connected vpn tunneling fault between monitoring device, client can use and self build with management server
Vertical vpn tunneling carrys out Access Management Access server, and management server is by the VPN tunnel with monitoring device
Road communicates, by the monitor video forwarding acquisition monitoring device of management server.
Step S2, management server obtain the public network of client and map IP address, port numbers, and
The public network of monitoring device maps IP address, port numbers, and the public network of client is mapped IP address and end
Slogan is sent to monitoring device, the public network of monitoring device is mapped IP address and port numbers is sent to visitor
Family end, in order to client and monitoring device utilize the IP address each received and port number information to carry out
Burrow cross-over NAT equipment, sets up and keeps the UDP between client and monitoring device to connect.
Agreement STUN (Simple Traversal of is passed through by NAT between client and monitoring device
UDP Through NAT) burrow cross-over NAT equipment, and set up UDP between the two and connect.
The present embodiment management server maps IP address, port numbers at the public network getting client,
And after the public network of monitoring device maps IP address, port numbers, by the VPN set up in step S1
The public network of client is mapped IP address in tunnel and port numbers is sent to monitoring device, by monitoring device
Public network map IP address and port numbers and be sent to client, client and monitoring device and utilize each
The public network received maps IP address and port number information burrows.
Burrow and established the UDP of a cross-over NAT equipment between rear client and monitoring device even
Connect, specifically include: on the NAT device of client, generate an internal address and port numbers is client
The private network IP address of end and port numbers, outer net address and the public network that port numbers is client map IP ground
Location and the session connection of port numbers, this session connection only accepts the public network of monitoring device and maps IP address
Access, on the NAT device of monitoring device, generate an internal address and port numbers for monitoring simultaneously
The private network IP address of equipment and port numbers, outer net address and the public network that port numbers is monitoring device map
IP address and the session connection of port numbers, this session connection only accepts the public network of client and maps IP ground
The access of location.
Client maps IP address and port numbers by the public network of monitoring device and disappears to monitoring device transmission
Breath, source IP address in message and private network IP address that port numbers is client and port numbers, client
Source IP address in message and port numbers are converted to the public network of client and map IP by the NAT device of end
Being sent to the NAT device of monitoring device behind address and port numbers, the NAT device of monitoring device receives and disappears
After breath, the purpose IP address in message and port numbers are mapped IP address and end by the public network of monitoring device
Slogan is sent to monitoring device after being converted to the private network IP address of monitoring device and port numbers.Monitoring sets
Message is sent to client, in message for by public network mapping IP address and the port numbers of client
Source IP address and private network IP address that port numbers is monitoring device and port numbers, the NAT of monitoring device
Equipment the source IP address in message and port numbers are converted to monitoring device public network map IP address and
Being sent to the NAT device of monitoring device after port numbers, the NAT device of monitoring device will after receiving message
Purpose IP address and port numbers in message are mapped IP address and port numbers conversion by the public network of client
For being sent to client after the private network IP address of client and port numbers.Client in this way
The UDP connection that just can utilizing with monitoring device burrows sets up directly sends mutually message.
It should be noted that owing to the session connection on the NAT device of client and monitoring device has
Expired time, client and monitoring device are by sending periodic keep-alive message to by burrowing foundation
UPD connect carry out keep-alive.
Step S3, management server-assignment monitoring device and client are respectively vpn tunneling server
Role and vpn tunneling client role, issue configuration information to client and monitoring device so that
Client and monitoring device are by the direct-connected vpn tunneling of UDP connection establishment.
Client and monitoring device are burrowing successfully, after setting up UDP connection, will burrow and successfully disappear
Breath is sent to manage server.After management server receives the successful message that burrows, distribute monitoring device
For vpn tunneling server, issue Microsoft Loopback Adapter address and VPN that vpn tunneling server uses
The Microsoft Loopback Adapter address that tunnel client end uses, to monitoring device, issues and carries out authentication user name and password
To monitoring device, the message that monitoring device issues according to management server completes vpn tunneling server
Configuration, then on the private network IP address and private network port numbers of monitoring device start intercept process,
Intercept the vpn tunneling connection request of vpn tunneling client.Please listening to vpn tunneling connection
Carry out subscription authentication and response after asking, in monitoring device, generate PPP Microsoft Loopback Adapter interface subsequently, should
Microsoft Loopback Adapter interface is the Microsoft Loopback Adapter address that the vpn tunneling server that management server issues uses
Management server-assignment client is vpn tunneling client, notice client VPN tunnel clothes
IP address and the public network that port numbers is monitoring device of business device map IP address and public network port number, and
Issue the username and password carrying out authenticating and set up VPN to client, client to monitoring device transmission
Tunnel connection request, monitoring device listens to carry out user's mirror after this sets up vpn tunneling connection request
Power and response, and management server-assignment is issued to the Microsoft Loopback Adapter address of vpn tunneling client
To client, client receives the Microsoft Loopback Adapter of the vpn tunneling client use that monitoring device issues
Address, generates PPP Microsoft Loopback Adapter interface on the client, completes the foundation of vpn tunneling.
After vpn tunneling between client and monitoring device is set up, in client and monitoring device
A new PPP Microsoft Loopback Adapter interface, the PPP Microsoft Loopback Adapter interface in monitoring device will be generated
IP address be management server-assignment to the Microsoft Loopback Adapter address of vpn tunneling server, client
On the IP address of PPP Microsoft Loopback Adapter interface be that management server-assignment is to vpn tunneling client
Microsoft Loopback Adapter address.
Then management server notice client and monitoring device generate the Microsoft Loopback Adapter with the other side respectively
The Host routes of address for the purpose of address, or issue a Host routes respectively and set to client and monitoring
Standby.Wherein the purpose IP address of the Host routes of client is for managing server-assignment to vpn tunneling
The Microsoft Loopback Adapter address of server, outgoing interface is newly-established PPP Microsoft Loopback Adapter interface in client,
The purpose IP address of the Host routes of monitoring device is for managing server-assignment to vpn tunneling client
Microsoft Loopback Adapter address, outgoing interface is newly-established PPP Microsoft Loopback Adapter interface in monitoring device.
It should be noted that the present embodiment distribution monitoring device is vpn tunneling server, distribution visitor
Family end is vpn tunneling client, client initiate to set up vpn tunneling connection request.Similarly
, it is also possible to distribution client is vpn tunneling server, and distribution monitoring device is vpn tunneling client
End, is initiated to set up vpn tunneling connection request by monitoring device.The invention is not restricted to concrete implementation
Form.
Establish direct-connected under the assistance of management server by said method, client and monitoring device
Vpn tunneling, use management server-assignment to the Microsoft Loopback Adapter address of vpn tunneling server and
Management server-assignment directly communicates to the Microsoft Loopback Adapter address of vpn tunneling client, client
End directly obtains monitor video from monitoring device.
It should be noted that when the direct-connected vpn tunneling of client and monitoring device foundation breaks down
Time, owing to client has all set up VPN tunnel with management server, monitoring device with management server
Road, the vpn tunneling that client can use it and management server to set up carrys out Access Management Access server,
The monitor video forwarding acquisition monitoring device by management server.
Above example is only limited in order to technical scheme to be described, is not carrying on the back
In the case of present invention spirit and essence thereof, those of ordinary skill in the art work as can be according to the present invention
Make various corresponding change and deformation, but these change accordingly and deformation all should belong to institute of the present invention
Attached scope of the claims.
Claims (10)
1. set up a device for direct-connected vpn tunneling, the management clothes being applied in video monitoring system
Business device, described video monitoring system includes client and the monitoring device being positioned at different private network, and
It is positioned at the management server of public network, it is characterised in that the described device setting up direct-connected vpn tunneling,
Including:
VPN relay service modules, for setting up vpn tunneling respectively with client and monitoring device;
NAT burrows service module, maps IP address, port numbers for obtaining the public network of client,
And the public network of monitoring device maps IP address, port numbers, the public network of client is mapped IP address
It is sent to monitoring device with port numbers, the public network of monitoring device is mapped IP address and port numbers sends
To client, so that client and monitoring device utilize the IP address and port number information each received
Carry out burrowing cross-over NAT equipment, sets up and keeps the UDP between client and monitoring device to connect
;
Configuration module, is used for distributing monitoring device and client is respectively vpn tunneling role server
With vpn tunneling client role, issue configuration information to client and monitoring device so that client
End and monitoring device are by the direct-connected vpn tunneling of UDP connection establishment.
The device setting up direct-connected vpn tunneling the most according to claim 1, it is characterised in that
Described configuration module assignment monitoring device and client are respectively vpn tunneling role server and VPN
Tunnel client end role, issues configuration information to client and monitoring device so that client and monitoring
When equipment is by UDP connection establishment direct-connected vpn tunneling, perform to operate as follows:
Distribution monitoring device is vpn tunneling server, issues the virtual of vpn tunneling server use
The Microsoft Loopback Adapter address that NIC address and vpn tunneling client use, to monitoring device, issues and carries out
The username and password of authentication is to monitoring device, in order to monitoring device completes vpn tunneling server
Configuration, then starts on the private network IP address and private network port numbers of monitoring device and intercepts process, detect
Listen the vpn tunneling connection request of vpn tunneling client, listen to vpn tunneling connection request
After carry out subscription authentication and response, in monitoring device generate PPP Microsoft Loopback Adapter interface, and will distribution
It is handed down to client to the Microsoft Loopback Adapter address of vpn tunneling client;
Distribution client is vpn tunneling client, the IP of notice client VPN tunnel server
Address and public network that port numbers is monitoring device map IP address and port numbers, and issue and authenticate
Username and password to client, in order to client sends to monitoring device and sets up vpn tunneling even
Connect request, receive the Microsoft Loopback Adapter address of the vpn tunneling client use that monitoring device issues,
PPP Microsoft Loopback Adapter interface is generated in client.
The device setting up direct-connected vpn tunneling the most according to claim 1, it is characterised in that
Described configuration module is additionally operable to:
Notice client and monitoring device generate address for the purpose of the Microsoft Loopback Adapter address of the other side respectively
Host routes.
The device setting up direct-connected vpn tunneling the most according to claim 3, it is characterised in that
The purpose IP address of the Host routes of described client is the virtual net distributing to vpn tunneling server
Card address, outgoing interface is the PPP Microsoft Loopback Adapter interface in client, the main frame road of described monitoring device
By purpose IP address be the Microsoft Loopback Adapter address distributing to vpn tunneling client, outgoing interface for prison
PPP Microsoft Loopback Adapter interface on control equipment.
5. set up a device for direct-connected vpn tunneling, the client being applied in video monitoring system
, described video monitoring system includes client and the monitoring device being positioned at different private network, and is positioned at
The management server of public network, it is characterised in that the described device setting up direct-connected vpn tunneling, including
:
Client relaying VPN module, disappears for setting up vpn tunneling request to management server transmission
Breath, sets up vpn tunneling with management server;
Client burrows module, maps IP for receiving the public network of the monitoring device that management server issues
By the cross-over NAT equipment that burrows between address and port numbers, and monitoring device, set up and monitoring device
Between UDP connect;
Client direct-connected VPN module, for receiving the configuration information that management server issues, with prison
Control equipment passes through the vpn tunneling that UDP connection establishment is direct-connected.
The device setting up direct-connected vpn tunneling the most according to claim 5, it is characterised in that
Described client direct-connected VPN module is receiving the configuration information that management server issues, and sets with monitoring
Standby by vpn tunneling that UDP connection establishment is direct-connected time, perform following operation:
Distribution according to management server is arranged from as vpn tunneling client, receives management service
IP address and the public network that port numbers is monitoring device of the vpn tunneling server that device issues map IP
Address and port numbers, and carry out the username and password authenticated, send to monitoring device and set up VPN
Tunnel connection request;
Receive the Microsoft Loopback Adapter address of the vpn tunneling client use that monitoring device issues, generate PPP
Microsoft Loopback Adapter interface.
The device setting up direct-connected vpn tunneling the most according to claim 5, it is characterised in that
Described client direct-connected VPN module is additionally operable to:
Receive the notice of management server, generate address for the purpose of the Microsoft Loopback Adapter address of monitoring device
Host routes, the purpose IP address of described Host routes is the void distributing to vpn tunneling server
Intending NIC address, outgoing interface is the PPP Microsoft Loopback Adapter interface of self.
8. setting up a device for direct-connected vpn tunneling, the monitoring being applied in video monitoring system sets
Standby, described video monitoring system includes client and monitoring device, the Yi Jiwei being positioned at different private network
Management server in public network, it is characterised in that the described device setting up direct-connected vpn tunneling, bag
Include:
Monitoring device relaying VPN module, sets up vpn tunneling request for sending to management server
Message, sets up vpn tunneling with management server;
Monitoring device burrows module, maps IP for receiving the public network of the client that management server issues
By the cross-over NAT equipment that burrows between address and port numbers, and client, set up between client
UDP connect;
Monitoring device direct-connected VPN module, for receiving the configuration information that management server issues, with
Client passes through the vpn tunneling that UDP connection establishment is direct-connected.
The device setting up direct-connected vpn tunneling the most according to claim 8, it is characterised in that
Described monitoring device direct-connected VPN module is receiving the configuration information that management server issues, with client
When holding the vpn tunneling by UDP connection establishment is direct-connected, perform to operate as follows:
Distribution according to management server is arranged from as vpn tunneling server, receives management service
The Microsoft Loopback Adapter address of the vpn tunneling server use that device issues and vpn tunneling client use
Microsoft Loopback Adapter address, and carry out the username and password authenticated, self private network IP address and
Start in private network port numbers and intercept process, intercept the vpn tunneling connection request of vpn tunneling client
, after listening to vpn tunneling connection request, carry out subscription authentication and response, with certainly, generate PPP
Microsoft Loopback Adapter interface, and client is handed down in the Microsoft Loopback Adapter address distributing to vpn tunneling client
End.
The device setting up direct-connected vpn tunneling the most according to claim 8, it is characterised in that
, described monitoring device direct-connected VPN module is additionally operable to:
Receive the notice of management server, generate address for the purpose of the Microsoft Loopback Adapter address of client
Host routes, the purpose IP address of described Host routes is distribute to vpn tunneling client virtual
NIC address, outgoing interface is the PPP Microsoft Loopback Adapter interface of self.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610251272.8A CN105933198B (en) | 2016-04-21 | 2016-04-21 | Device for establishing direct connection VPN tunnel |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610251272.8A CN105933198B (en) | 2016-04-21 | 2016-04-21 | Device for establishing direct connection VPN tunnel |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105933198A true CN105933198A (en) | 2016-09-07 |
CN105933198B CN105933198B (en) | 2020-01-14 |
Family
ID=56839644
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610251272.8A Active CN105933198B (en) | 2016-04-21 | 2016-04-21 | Device for establishing direct connection VPN tunnel |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105933198B (en) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107786411A (en) * | 2017-10-19 | 2018-03-09 | 上海前隆信息科技有限公司 | Inter-application communication tunnel connection/verification method/system, medium and equipment |
CN108075950A (en) * | 2017-12-13 | 2018-05-25 | 安徽皖通邮电股份有限公司 | A kind of method of packet access network end-to-end path detection |
CN108667675A (en) * | 2018-08-14 | 2018-10-16 | 浙江亿邦通信科技有限公司 | A kind of communication means, communication equipment and private line of communication are for network method |
CN108881519A (en) * | 2018-08-08 | 2018-11-23 | 成都俊云科技有限公司 | A kind of NAT penetrating method and device |
CN109120491A (en) * | 2017-06-22 | 2019-01-01 | 格局商学教育科技(深圳)有限公司 | It is a kind of for establishing the method and system of direct-connected vpn tunneling in net work teaching system |
CN109121011A (en) * | 2017-06-22 | 2019-01-01 | 格局商学教育科技(深圳)有限公司 | A kind of online class living broadcast interactive system |
CN109525514A (en) * | 2018-12-26 | 2019-03-26 | 北京天融信网络安全技术有限公司 | A kind of information transferring method and information carrying means |
CN110311894A (en) * | 2019-05-24 | 2019-10-08 | 帷幄匠心科技(杭州)有限公司 | A kind of method that local area network internal dynamic penetrates |
CN110740087A (en) * | 2019-09-18 | 2020-01-31 | 视联动力信息技术股份有限公司 | Message transmission method, terminal, gateway device, electronic device and storage medium |
CN111064650A (en) * | 2019-12-23 | 2020-04-24 | 浙江宇视科技有限公司 | Method and device for dynamically changing tunnel connection service port number |
CN111464821A (en) * | 2020-04-01 | 2020-07-28 | 长沙文影网络科技有限公司 | Audio and video live broadcast P2P holing optimization method |
CN112584090A (en) * | 2019-09-27 | 2021-03-30 | 浙江宇视科技有限公司 | Public network video transmission method and system |
CN113067908A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | NAT traversal method, device, electronic equipment and storage medium |
CN113067910A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | NAT traversal method, device, electronic equipment and storage medium |
CN113067911A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | NAT traversal method, device, electronic equipment and storage medium |
CN114039949A (en) * | 2021-12-24 | 2022-02-11 | 上海观安信息技术股份有限公司 | Cloud service floating IP binding method and system |
CN114244803A (en) * | 2020-11-30 | 2022-03-25 | 易识科技(广东)有限责任公司 | Tunnel penetration control method and system |
CN114584528A (en) * | 2020-11-17 | 2022-06-03 | 中国移动通信有限公司研究院 | Tunnel establishment method, device and equipment |
CN115694901A (en) * | 2022-09-27 | 2023-02-03 | 河北轩昊信息技术有限公司 | VPN tunnel communication method and device |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212374A (en) * | 2006-12-29 | 2008-07-02 | 北大方正集团有限公司 | Method and system for remote access to campus network resources |
CN102065125A (en) * | 2010-11-18 | 2011-05-18 | 广州致远电子有限公司 | Method for realizing embedded secure socket layer virtual private network (SSL VPN) |
CN102378982A (en) * | 2009-03-30 | 2012-03-14 | 西科姆株式会社 | Monitoring system and communication management device |
CN102439912A (en) * | 2009-03-30 | 2012-05-02 | 西科姆株式会社 | Communication control device and monitoring device |
CN102801695A (en) * | 2011-05-27 | 2012-11-28 | 华耀(中国)科技有限公司 | Communication equipment for virtual private network and data packet transmission method for communication equipment |
CN103023898A (en) * | 2012-12-03 | 2013-04-03 | 杭州迪普科技有限公司 | Method and device for accessing intranet resource of virtual private network (VPN) server |
CN103391234A (en) * | 2013-08-01 | 2013-11-13 | 厦门市美亚柏科信息股份有限公司 | Method for realizing multi-user fixed port mapping and PPTP VPN server side |
CN104168457A (en) * | 2014-08-18 | 2014-11-26 | 浙江宇视科技有限公司 | Method and device for playing multiple media streams on demand |
CN104579879A (en) * | 2014-12-05 | 2015-04-29 | 上海斐讯数据通信技术有限公司 | Virtual private network communication system, connection method and data packet transmission method |
-
2016
- 2016-04-21 CN CN201610251272.8A patent/CN105933198B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212374A (en) * | 2006-12-29 | 2008-07-02 | 北大方正集团有限公司 | Method and system for remote access to campus network resources |
CN102378982A (en) * | 2009-03-30 | 2012-03-14 | 西科姆株式会社 | Monitoring system and communication management device |
CN102439912A (en) * | 2009-03-30 | 2012-05-02 | 西科姆株式会社 | Communication control device and monitoring device |
CN102065125A (en) * | 2010-11-18 | 2011-05-18 | 广州致远电子有限公司 | Method for realizing embedded secure socket layer virtual private network (SSL VPN) |
CN102801695A (en) * | 2011-05-27 | 2012-11-28 | 华耀(中国)科技有限公司 | Communication equipment for virtual private network and data packet transmission method for communication equipment |
CN103023898A (en) * | 2012-12-03 | 2013-04-03 | 杭州迪普科技有限公司 | Method and device for accessing intranet resource of virtual private network (VPN) server |
CN103391234A (en) * | 2013-08-01 | 2013-11-13 | 厦门市美亚柏科信息股份有限公司 | Method for realizing multi-user fixed port mapping and PPTP VPN server side |
CN104168457A (en) * | 2014-08-18 | 2014-11-26 | 浙江宇视科技有限公司 | Method and device for playing multiple media streams on demand |
CN104579879A (en) * | 2014-12-05 | 2015-04-29 | 上海斐讯数据通信技术有限公司 | Virtual private network communication system, connection method and data packet transmission method |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109120491A (en) * | 2017-06-22 | 2019-01-01 | 格局商学教育科技(深圳)有限公司 | It is a kind of for establishing the method and system of direct-connected vpn tunneling in net work teaching system |
CN109121011A (en) * | 2017-06-22 | 2019-01-01 | 格局商学教育科技(深圳)有限公司 | A kind of online class living broadcast interactive system |
CN107786411A (en) * | 2017-10-19 | 2018-03-09 | 上海前隆信息科技有限公司 | Inter-application communication tunnel connection/verification method/system, medium and equipment |
CN108075950A (en) * | 2017-12-13 | 2018-05-25 | 安徽皖通邮电股份有限公司 | A kind of method of packet access network end-to-end path detection |
CN108075950B (en) * | 2017-12-13 | 2021-07-20 | 安徽皖通邮电股份有限公司 | Method for detecting end-to-end path of packet access network |
CN108881519A (en) * | 2018-08-08 | 2018-11-23 | 成都俊云科技有限公司 | A kind of NAT penetrating method and device |
CN108667675A (en) * | 2018-08-14 | 2018-10-16 | 浙江亿邦通信科技有限公司 | A kind of communication means, communication equipment and private line of communication are for network method |
CN109525514A (en) * | 2018-12-26 | 2019-03-26 | 北京天融信网络安全技术有限公司 | A kind of information transferring method and information carrying means |
CN110311894A (en) * | 2019-05-24 | 2019-10-08 | 帷幄匠心科技(杭州)有限公司 | A kind of method that local area network internal dynamic penetrates |
CN110740087A (en) * | 2019-09-18 | 2020-01-31 | 视联动力信息技术股份有限公司 | Message transmission method, terminal, gateway device, electronic device and storage medium |
CN112584090A (en) * | 2019-09-27 | 2021-03-30 | 浙江宇视科技有限公司 | Public network video transmission method and system |
CN111064650A (en) * | 2019-12-23 | 2020-04-24 | 浙江宇视科技有限公司 | Method and device for dynamically changing tunnel connection service port number |
CN113067908A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | NAT traversal method, device, electronic equipment and storage medium |
CN113067910A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | NAT traversal method, device, electronic equipment and storage medium |
CN113067911A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | NAT traversal method, device, electronic equipment and storage medium |
CN113067908B (en) * | 2020-01-02 | 2023-03-31 | 中国移动通信有限公司研究院 | NAT (network Address translation) traversing method and device, electronic equipment and storage medium |
CN113067910B (en) * | 2020-01-02 | 2023-05-09 | 中国移动通信有限公司研究院 | NAT traversal method and device, electronic equipment and storage medium |
CN111464821A (en) * | 2020-04-01 | 2020-07-28 | 长沙文影网络科技有限公司 | Audio and video live broadcast P2P holing optimization method |
CN114584528A (en) * | 2020-11-17 | 2022-06-03 | 中国移动通信有限公司研究院 | Tunnel establishment method, device and equipment |
CN114244803A (en) * | 2020-11-30 | 2022-03-25 | 易识科技(广东)有限责任公司 | Tunnel penetration control method and system |
CN114244803B (en) * | 2020-11-30 | 2024-06-04 | 易识科技(广东)有限责任公司 | Tunnel penetration control method and system |
CN114039949A (en) * | 2021-12-24 | 2022-02-11 | 上海观安信息技术股份有限公司 | Cloud service floating IP binding method and system |
CN114039949B (en) * | 2021-12-24 | 2024-03-26 | 上海观安信息技术股份有限公司 | Cloud service floating IP binding method and system |
CN115694901A (en) * | 2022-09-27 | 2023-02-03 | 河北轩昊信息技术有限公司 | VPN tunnel communication method and device |
CN115694901B (en) * | 2022-09-27 | 2023-09-26 | 河北轩昊信息技术有限公司 | VPN tunnel communication method and device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN105933198B (en) | 2020-01-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105933198A (en) | Device for establishing direct connection VPN tunnel | |
CN107580065B (en) | A kind of private clound cut-in method and equipment | |
CN105025044B (en) | A kind of apparatus control method and system | |
US20070011733A1 (en) | Unified architecture for remote network access | |
US8804562B2 (en) | Broadband network system and implementation method thereof | |
US8611358B2 (en) | Mobile network traffic management | |
CN104427010A (en) | NAT (network address translation) method and device applied to DVPN (dynamic virtual private network) | |
CN105119787B (en) | A kind of public internet access system and method based on software definition | |
CN113329101B (en) | Remote login method and login device for edge computing node | |
CN103607345B (en) | A kind of monitor node establishes the method and system of routing iinformation | |
CN105072213A (en) | IPSec NAT bidirection traversing method, IPSec NAT bidirection traversing system and VPN gateway | |
CN106789606A (en) | A kind of network communicating system, its management method and communication means | |
CN103747116A (en) | Business access method and device based on Layer 2 Tunneling Protocol (L2TP) | |
CN107333099A (en) | Network camera with wireless relay function | |
CN112911001A (en) | Cloud VPN and enterprise network automatic networking scheme | |
CN107547403B (en) | Message forwarding method, message assistance device, controller and host | |
CN100365591C (en) | Network address distributing method based on customer terminal | |
CN102983988B (en) | A kind of proxy for equipment device and network administration apparatus | |
CN105915662B (en) | A kind of data transmission method and device | |
CN103023789A (en) | Method for accessing private network server in internet | |
CN100490393C (en) | Method for accessing user network management platform | |
CN108123912A (en) | A kind of micro services system for supporting P2P | |
US20080049765A1 (en) | Method and system for inter working a point-to-point link and a LAN service | |
CN102710644B (en) | Method and device for saving bandwidth in internet protocol (IP) monitoring system | |
TWI511496B (en) | System of wireless communication, and method of management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |